小米miflash+2014.05.09+中文版@25_64623.exe

downloader of lewell

Hefei Lewei Information Technology Co.,Ltd.

The application 小米miflash+2014.05.09+中文版@25_64623.exe by Hefei Lewei Information Technology Co.,Ltd. has been detected as a potentially unwanted program by 20 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from xiazai.zol.com.cn and multiple other hosts.
Publisher:

Product:
downloader of lewell

Version:
1.0.0.3

MD5:
96dd80012c33291e1621b66f5bd66967

SHA-1:
7abd579fda8e4aeb080ee12a94bc21d53b60b288

SHA-256:
abf21bb789e34677c8140d6b60c8a98b1501f7947f76c2c5991a1f48e0400890

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/23/2024 6:30:47 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Qjwmonkey
7.1.1

AhnLab V3 Security
PUP/Win32.Generic
2015.12.11

Avira AntiVirus
APPL/Qjwmonkey.cfk
8.3.2.4

avast!
Win32:Adware-gen [Adw]
2014.9-151210

AVG
Generic7
2016.0.2899

Baidu Antivirus
Adware.Win32.Qjwmonkey
4.0.3.151210

Clam AntiVirus
Win.Adware.Kazy-921
0.98/21511

Dr.Web
Adware.Qjwmonkey.49
9.0.1.0344

ESET NOD32
Win32/Adware.Qjwmonkey (variant)
9.12702

Fortinet FortiGate
Riskware/Qjwmonkey
12/10/2015

G Data
Win32.Adware.Qjwmonkey
15.12.25

IKARUS anti.virus
PUA.Qjwmonkey
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.18071

McAfee
Artemis!96DD80012C33
5600.6555

NANO AntiVirus
Riskware.Win32.Qjwmonkey.dyznft
1.0.10.5081

Panda Antivirus
Trj/Genetic.gen
15.12.10.08

Rising Antivirus
PE:Adware.Qjwmonkey!1.A299 [F]
23.00.65.151208

VIPRE Antivirus
Trojan.Win32.Generic
45742

ViRobot
Adware.Qjwmonkey.746576[h]
2014.3.20.0

Zillya! Antivirus
Adware.OutBrowse.Win32.65860
2.0.0.2557

File size:
729.1 KB (746,576 bytes)

Product version:
1.0.0.3

Original file name:
downloader of lewell

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Digital Signature
Authority:
WoSign CA Limited

Valid from:
10/29/2015 9:17:37 AM

Valid to:
10/29/2016 9:17:37 AM

Subject:
CN="Hefei Lewei Information Technology Co.,Ltd.", O="Hefei Lewei Information Technology Co.,Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
5AB7015B756534ACC678E7DB75D22D97

File PE Metadata
Compilation timestamp:
11/24/2015 8:19:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:4JBjtWilh02q4etFLqOb67jBRBq8BZhrnkNUNiyFxdslFW:4J5uJ7bsBRBLtrnkNU/xdsXW

Entry address:
0x1FF0B

Entry point:
E8, A9, A3, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 9F, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, EB, 2A, 00, 00, 59, 8B, F8, 56, 53, E8, E5, A4, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 8D, 04, 1F, 56, 6A, 00, 50, E8, 0C, 00, 00, 00, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74...
 

Entropy:
6.4174

Code size:
219 KB (224,256 bytes)

The file 小米miflash+2014.05.09+中文版@25_64623.exe has been seen being distributed by the following 5 URLs.

http://xiazai.zol.com.cn/down.php?nn=98a21f9277d3a14de&softid=330483&subcateid=130&site=10&server=10&rand=1963878&position=1